While this release is not deemed ready for production use, we believe it is ready for wider testing by the community.

+
+

A large number of the show-stopper bugs have been fixed along with general improvements to the IPv6 support.
+While this release is not fully bug-free we believe it is ready for use in production on many systems.

Known Issue: When non-strict validation fails Squid will relay the request, but can only do
-so safely to the orginal destination IP the client was contacting. The client original
+so safely to the original destination IP the client was contacting. The client original
destination IP is lost when relaying to peers in a hierarchy. This means the upstream peers
are still at risk of causing same-origin bypass CVE-2009-0801 vulnerability.
Developer time is required to implement safe transit of these requests.
@@ -253,7 +255,7 @@
path and parameters as its own command parameters. The concurrency setting already
existing in Squid is used to configure how many child helpers it may run.

The on-demand helpers feature allows greater flexibility and resolves this problem by allowing
maximum, initial and idle thresholds to be configured. Squid will start the initial set during
start and reconfigure phases. However over the operational use new helpers up to the maxium will
-be started as load demands. The idle threshold determins how many more helpers to start if the
+be started as load demands. The idle threshold determines how many more helpers to start if the
currently running set is not enough to handle current request loads.

Automatic detection and use of the pthreads library available from Solaris 10

-

The result of this addition means that faster more efficient AUFS cache storage mechanisims
-are now available in Solaris 10.

+

The result of this addition means that faster more efficient AUFS cache storage mechanism
+is now available in Solaris 10.

Support is experimental at this stage due to lack of feedback on the results of enabling it.
We recommend giving AUFS a try for faster disk storage and encourage feedback.

@@ -431,14 +433,14 @@
feature support in Squid. This release opens Surrogate support to all reverse proxies.

Reverse proxy requests sent on to the web server include the HTTP header Surrogate-Capabilities:
-specifying the capabilities of the reverse proxy along with an ID which can be used to target reponses with
+specifying the capabilities of the reverse proxy along with an ID which can be used to target responses with
a Surrogate-Control: HTTP header used instead of the Cache-Control: header.

The default surrogate ID is generated automatically from the Squid site-unique hostname as found by the
automatic detection or manual configuration of visible_hostname although can be configured
separately with the httpd_accel_surrogate_id option.

Security Considerations: Websites should be careful of accepting any surrogate ID.
Older releases of Squid leak the Surrogate-Control headers to external servers.
This 3.2 series of Squid will now prevent this leakage of its own ID destined responses, however it is possible
and for some uses desirable to receive external reverse-proxies Surrogate-Capabilities: headers.

@@ -553,7 +555,7 @@

should contain a complete HTML page, with optional client-side scripting.

must not contain server-side scripting.

-

will have macro substitution performed on it using the same macros as used by the error page tempates.

+

will have macro substitution performed on it using the same macros as used by the error page templates.

New setting for client bandwidth limits to determines the
client-side delay pool for the request.

client_dst_passthru

@@ -727,17 +729,12 @@
New installs, or installs with no logs configured explicitly will use this module by default.

New tcp module to send each log line as text data to a TCP receiver.

New udp module to send each log line as text data to a UDP receiver.

-

New format referrer to log with the format prevously used by referer_log directive.

-

New format useragent to log with the format prevously used by useragent_log directive.

+

New format referrer to log with the format previously used by referer_log directive.

+

New format useragent to log with the format previously used by useragent_log directive.

-

acl : random, localip, localport

+

acl : random, urllogin

New type random. Pseudo-randomly match requests based on a configured probability.

-

Renamed myip to localip. It matches the IP which the client connected to.

-

Renamed myport to localport. It matches the port which the client connected to.

Ported urllogin option from Squid 2.7, to match a regex pattern on the URL login field (if any).

-

The localip/localport differ from earlier releases where they matched a mix of
-of an invalid IP and port 0, the client destination IP/port or the Squid listening IP/port.
-This definition is now consistent across all modes of traffic received by Squid.

The manager ACL requires adjustment to cover new cache manager access. So it has now been
built-in as a predefined ACL name matching URLs equivalent to the following regular expression:

@@ -749,7 +746,7 @@

auth_param

New options for Basic, Digest, NTLM, Negotiate children settings.
-startup=N determins minimum number of helper processes used.
+startup=N determines minimum number of helper processes used.
idle=N determines how many helper to retain as buffer against sudden traffic loads.
concurrency=N previously called auth_param ... concurrency as a separate option.

Obsolete. The experimental actions enabled in 2.7 by this option have been integrated as default
+actions for the rock storage type and memory caches.
+The configuration option is no longer necessary and has been dropped.
+NOTE: It is not yet supported by ufs, aufs, or diskd storage.

+

upgrade_http0.9

Obsolete.

@@ -1275,9 +1278,6 @@

storeurl_rewrite_program

Not yet ported from 2.7

-

update_headers

-

Not yet fully ported from 2.7. Memory and rock storage caches support this natively. UFS caches do not support it.